"unprivileged users with UID > INT_MAX can successfully execute any systemctl command"

@wxcafe I'm having a massive deja-vu right now. Wasn't there some other exploit around the UID that was possible in the last year and a half or so?

@spacekookie @wxcafe That bug was that services with an invalid USER= setting (e.g. with a username that started with a digit) still got started, but as root (

This one is a straight bug in polkit. I don't think there is anything that systemd can do, other than to stop using polkit entirely.

@spacekookie @wxcafe I'm pretty sure this bug also means that anything that demands authentication in e.g. KDE or GNOME, flatpak, fwupd,... will be open to users with a UID > INT_MAX.

Because those also use polkit.

@wxcafe mais omg comment ça se fait que personne l'a vu avant ?

@wxcafe well, at least its not a bug directly in systemd this time...

@wxcafe You could say it's a feature: special user INT_MAX, for all your system management, without superuser powers...

Last boost: in which C's automatic int coercions open a security hole.

(Also, lack of failure returns in GObject property setters...)

Sign in to participate in the conversation

This is a mastodon instance for social justice activists, LGBTQIA+ people, and activists in general See the Goals and technical details, and Rules and privacy policy pages for more information